<?php

/*
 * wap 2.0 用户登录
 */

if (!defined('IN_SEXMALL')){
	die('Hacking attempt');
}

$step = empty($_REQUEST['step']) ? 'login' : trim($_REQUEST['step']);

$username = isset($_GET['username']) ? trim($_GET['username']) : '';
$username = htmlspecialchars($username);

/* 登录页面 */
if ($step == 'login')
{
	if (empty($back_act))
	{
		$back_act = wap_getcookie("WAP[back_act]");

		if (empty($back_act) && isset($GLOBALS['_SERVER']['HTTP_REFERER']))
		{
			$back_act = htmlspecialchars($GLOBALS['_SERVER']['HTTP_REFERER']);
		}
		else if(empty($back_act))
		{
			$back_act = 'user.html';
		}
	}

	// 登录失败次数,3次以上需要验证码
	$login_fail_num = $mem->getCache('login_fail_num');
	$login_fail_num_by_ip = $mem->getCache('login_fail_num_by_ip_'.ip2long($sess->_ip), true);
	$captcha = intval($_CFG['captcha']);

	if ( ($captcha & CAPTCHA_LOGIN)
	&& ( !($captcha & CAPTCHA_LOGIN_FAIL) || (($captcha & CAPTCHA_LOGIN_FAIL) && ($login_fail_num > 2 || $login_fail_num_by_ip > 2)) )
	&& gd_version() > 0 )
	{
		$smarty->assign('enabled_captcha', 1);
		$smarty->assign('rand',    mt_rand());
	}

	/* OMNITURE 统计  */
	include 'omniture/user_login.php';

	$smarty->assign('username', 		$username);
	$smarty->assign('back_act', 		($back_act));

	$smarty->display('user_login.dwt');
}

/*  登录提交 */
else if ($step == 'act_login')
{
	include_once(ROOT_PATH . 'includes/cls_json.php');
	$json = new JSON;

	$now = local_time();
	$data = !empty($_POST['data']) ? trim($_POST['data']) : '';
	list($username, $timestamp, $password) = explode(':', $data);

	$timestamp = base64_decode($timestamp);
	if ($now - $timestamp >= 600){
		$error['error'] = 'error';
		$error['title'] = '登录失败：用户名或密码错误';
		$error['act'] 	= '重新登录';
		die($json->encode($error));
	}
	$username = base64_decode($username);
	$password = base64_decode($password);

	$remember = isset($_POST['remember']) ? intval($_POST['remember']) : 0;

	$back_act = wap_getcookie("WAP[back_act]");
	wap_setcookie("WAP[back_act]");

	// 设置跳转页面
	if (empty($back_act) && isset($_POST['back_act']))
	{
		$back_act = trim($_POST['back_act']);
	}
	else if (empty($back_act))
	{
		$back_act = 'user.html';
	}

	/* 检查用户输入(用户名只能为手机号、邮箱,密码最小长度为6位) */
	$error = array();

	$login_fail_num = $mem->getCache('login_fail_num');
	$login_fail_num_by_ip = $mem->getCache('login_fail_num_by_ip_'.ip2long($sess->_ip), true);
	$captcha = intval($_CFG['captcha']);

	// 检查用户名
	if (empty($username) )
	{
		$error['error'] = 'error';
		$error['title'] = '请输入用户名';
		$error['act'] 	= '重新登录';
		$error['url'] 	= 'index.php?m=user&act=login';
	}
	// 检查密码
	else if (empty($password))
	{
		$error['error'] = 'error';
		$error['title'] = '请输入密码';
		$error['act'] 	= '重新登录';
		$error['url'] 	= 'index.php?m=user&act=login&username='.$username;
	}
	// 检查验证码
	else if ( ($captcha & CAPTCHA_LOGIN)
	&& ( !($captcha & CAPTCHA_LOGIN_FAIL) || (($captcha & CAPTCHA_LOGIN_FAIL) && ($login_fail_num > 2 || $login_fail_num_by_ip > 2)) )
	&& gd_version() > 0 )
	{
		if (empty($_POST['captcha']))
		{
			$error['error'] = 'error';
			$error['title'] = '请输入验证码';
			$error['act'] 	= '重新登录';
			$error['url'] 	= 'index.php?m=user&act=login&username='.$username;
		}
		else
		{
			/* 检查验证码 */
			include_once('includes/cls_captcha.php');
			$validator = new captcha();
			if (!$validator->check_word($_POST['captcha']))
			{
				$error['error'] = 'error';
				$error['title'] = '验证码错误';
				$error['act'] 	= '重新登录';
				$error['url'] 	= 'index.php?m=user&act=login&username='.$username;
			}
		}
	}

	/* 错误提示 */
	if (!empty($error))
	{
		/* 更新失败登录次数 */
		if ($login_fail_num || $login_fail_num_by_ip)
		{
			// 失败次数3次以上，需要验证码
			if ($login_fail_num > 2 || $login_fail_num_by_ip > 2)
			{
				$mem->addCache('login_captcha', 1, 300);
			}

			// 记录失败次数
			$mem->addCache('login_fail_num', $login_fail_num + 1, 300);
			$mem->addCache('login_fail_num_by_ip_'.ip2long($sess->_ip), $login_fail_num_by_ip + 1, 300, true);
		}
		else
		{
			$mem->addCache('login_fail_num', 1, 300);
			$mem->addCache('login_fail_num_by_ip_'.ip2long($sess->_ip), 1, 300, true);
		}

		// 输出错误提示
		show_message($error['title'], $error['act'], $error['url'], $error['error']);
	}

	$result = user_login($username, $password, $remember);


	/* 登录成功 */
	if ($result)
	{

		$back_act = urldecode($back_act);
		wap_header('Location: '.$back_act);
	}
	/* 登录失败 */
	else
	{
		// 记录登录失败次数，失败次数3次以上，需要验证码
		if ($login_fail_num || $login_fail_num_by_ip)
		{
			if ($login_fail_num > 2 || $login_fail_num_by_ip > 2){
				$mem->addCache('login_captcha', 1, 300);
			}
			$mem->addCache('login_fail_num', $login_fail_num + 1, 300);
			$mem->addCache('login_fail_num_by_ip_'.ip2long($sess->_ip), $login_fail_num_by_ip + 1, 300, true);
		}
		else
		{
			$mem->addCache('login_fail_num', 1, 300);
			$mem->addCache('login_fail_num_by_ip_'.ip2long($sess->_ip), 1, 300, true);
		}

		show_message('登录失败: 用户名或密码错误', '重新登录', 'index.php?m=user&act=login&username='.$username, 'error');
	}

}

